Security, an area in which Microsoft has been widely criticized, provides the basis for perhaps the most persuasive...
pitch for value-added resellers (VARs) and other channel companies trying to talk customers into an upgrade.
But, after literally years of talk from Redmond about what security might or might not be in the final version, it might take a lot of education to set realistic expectations with customers.
"The role of us as the solution provider will be explaining to customers the security capabilities in Vista and the true limitations of those capabilities," said Rob Eggebrecht, senior partner at BEW Global, a security solution provider in Castle Rock, Colo.
"For example, we have noticed that Microsoft is making a big push into the antispam space, but we don't think that Vista will be as robust as what you get with a standalone product. That's going to be something that we will really want to talk to our customers about."
However, security vendors are also talking to customers – mostly about how features designed to protect Vista's kernel from malware could also lock out the security products customers use to enforce enterprisewide security procedures.
"For the first time, Microsoft shut off security providers' access to the core of its operating system — what is known as the 'kernel,'" said McAfee in an open letter to computer users.
"At the same time, Microsoft has firmly embedded in Vista its own Windows Security Center — a product that cannot be disabled even when the user purchases an alternative security solution. However, in many ways, adopting Vista will simply make the security conundrum more complex for users."
That leaves it to solution providers to help customers find the right combination of products to protect their networks, Eggebrecht said. BEW Global currently supports ten different security solutions and anticipates that none of them will be rendered unnecessary by Vista.
Among the features Microsoft touts most aggressively are its BitLocker Drive Encryption – which is designed to protect data in lost or stolen machines by encrypting data on the hard drive – and an expanded Windows Rights Management Service that gives administrators more granular control over who can access or change sensitive data, according to a June Microsoft report on Vista security. It has also improved the Encrypting File System itself, the company said.
"Vista has made a lot of advancements," according to Raanan, whose particular favorites include secure access with user account control, smart card deployment and encryption features.
The Vista OS User Account control allows individual users some administrative privileges, while still protecting the system from malware, unauthorized software and unapproved system changes.
Internet Explorer Protected Mode promises to protect users from malicious Web sites by restricting the browser's ability to modify the system. In addition, Vista's Firewall allows individual PCs to be isolated both from the network domain and the Internet, Becker said.
"The biggest difference that Vista will give users is better technology to lock down systems," Silver said. "It's good technology, but that's not all customers need. There are political issues that organizations have to sort through and they have to test their applications. There's still a lot of work to do to make that security successful."